HP: Threat actors are hijacking users’ Chrome browsers when downloading from pirating sites
While pirating sites might look appealing, they have more than just good files that can be downloaded.
#technews #malware #chromeloader #hp
📣 #ChromeLoader, which was formerly discovered lurking within fake #VPN and antivirus, has now expanded its reach to encompass well-known games and utility software.
Read: https://www.hackread.com/roblox-nintendo-chromeloader-malwar/
#CyberSecurity #Nintendo #Roblox #Gaming #Malware #Security #VPN #ChromeLoader
#ChromeLoader #Malware Targeting Gamers via Fake #Nintendo and #Steam Game #cybersecurity Hacks https://thehackernews.com/2023/02/chromeloader-malware-targeting-gamers.html @thehackernews
#ChromeLoader campaign uses VHD files disguised as cracked games and pirated software
https://securityaffairs.com/142740/cyber-crime/chromeloader-malware-vhd-files.html
#securityaffairs #hacking #malware
📬 You'd better pass on this PC game download
#Gaming #Malware #AdobePhotoshop #Adware #CallofDuty #ChromeLoader #EldenRing #MarioKart #Microsoftoffice #Minecraft #VHD #Zelda https://tarnkappe.info/artikel/malware/auf-diesen-pc-spiele-download-solltest-du-besser-verzichten-266048.html
Day 1️⃣0️⃣ of #100DaysOfYara: MacOS Browser Hijacker Scripts🍎
🔗 https://github.com/colincowie/100DaysOfYara_2023/blob/main/January/010/010.md
Background on these MacOS malware scripts used by #ChromeLoader aka #ChoziosiLoader:
📖 https://redcanary.com/blog/chromeloader/
📖 https://blogs.vmware.com/security/2022/09/the-evolution-of-the-chromeloader-malware.html
📖 https://www.th3protocol.com/2022/Choziosi-Loader
Today's rule did a nice job of detecting the historical ChromeLoader scripts. A more generic YARA rule for identifying .command script abuse would potentially be pretty interesting!
Emerging Threats Daily Ruleset Update Summary 2022/11/07
Summary:
9 new OPEN, 18 new PRO (9 + 9) Chromeloader, SocGholish,
TransparentTribe, WinGO\Monitor.go, Various Android Mobile Malware,
Phishing, and more.
Thanks @MalGamy @0xrb
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
Added rules:
Open:
2039744 - ET MALWARE ChromeLoader CnC Domain (istakechau .autos) in DNS Lookup (malware.rules)
2039745 - ET MALWARE ChromeLoader CnC Domain (imenttogethe .xyz) in DNS Lookup (malware.rules)
2039746 - ET MALWARE ChromeLoader CnC Checkin M1 (malware.rules)
2039747 - ET MALWARE ChromeLoader CnC Error (malware.rules)
2039748 - ET MALWARE ChromeLoader CnC Checkin M2 (malware.rules)
2039749 - ET MALWARE WinGO\Monitor.go CnC Checkin (malware.rules)
2039750 - ET MALWARE APT36/TransparentTribe CnC Domain (richa-sharma .ddns .net) in DNS Lookup (malware.rules)
2039751 - ET MALWARE SocGholish Domain in DNS Lookup (course .netpickstrading .com) (malware.rules)
2039752 - ET MALWARE SocGholish CnC Domain in DNS Lookup (campaign .tworiversboat .com) (malware.rules)
Pro:
2852795 - ETPRO MOBILE_MALWARE Android/Spy.Agent.CCM CnC Domain in DNS Lookup (mobile_malware.rules)
2852796 - ETPRO MOBILE_MALWARE Android/Spy.Agent.CCM CnC Domain in DNS Lookup (mobile_malware.rules)
2852797 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.sn Checkin (mobile_malware.rules)
2852798 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.sn Checkin 2 (mobile_malware.rules)
2852799 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.sn Checkin 3 (mobile_malware.rules)
2852800 - ETPRO MALWARE HTML/Fake Password Protected Document Blob Downloader M1 (malware.rules)
2852801 - ETPRO MALWARE HTML/Fake Password Protected Document Blob Downloader M2 (malware.rules)
2852802 - ETPRO PHISHING Successful Twitter Credential Phish 2022-11-04 (phishing.rules)
2852803 - ETPRO PHISHING Twitter Credential Phish Landing Page 2022-11-04 (phishing.rules)
#Snort #Suricata #NSM #Malware #ChromeLoader #SocGholish #Android_Mobile_Malware #Phishing #TransparentTribe #WinGO\Monitor.go
Tech Wrap-Up for Week #29, the top 10 stories by user engagement. New #ChromeLoader variant, #CloudMensis #spyware plagues #Macs, #Windows11 blocks RDP brute-force attacks, #Chrome #security update, easy #Android secure #DNS, & more in this week's wrap-up. https://www.techhelpkb.com/tech-wrap-up-week-29-2022/?utm_source=mastodon&utm_medium=toot&utm_campaign=wrapup
Tech Wrap-Up for July 20, which is #MoonDay. New #ChromeLoader variant, #CloudMensis #spyware plagues #Macs, easy #Android secure #DNS, new #Microsoft365 dash in #Edge, best #browser of 2022, and #Chrome 103 updated, all in today's wrap-up. https://www.techhelpkb.com/tech-wrap-up-7-20-2022/?utm_source=mastodon&utm_medium=toot&utm_campaign=wrapup
ChromeLoader: new malware that attacks browsers - sicurezza.net #chromeloader #malware #attacca #browser #sicurezzanet #30maggio https://parliamodi.news/article/aHR0cHM6Ly9zaWN1cmV6emEubmV0L2N5YmVyLXNlY3VyaXR5L2Nocm9tZWxvYWRlci1udW92by1tYWx3YXJlLWNoZS1hdHRhY2NhLWJyb3dzZXIv
Tech Wrap-Up Week 21 2022. Teen online #privacy & #safety, #blockchain & #DeFi flaws, #ChromeLoader #malware surge, #Chrome sucks at blocking #phishing sites, #cybersecurity & #coding, #WordPress 6.0 released, glitchy #Mac apps, new features expected at #WWDC22, Chrome 102 released, and protecting your #privacy in #Windows, all in this week's wrap-up. https://www.techhelpkb.com/tech-wrap-up-week-21-2022/?utm_source=mastodon&utm_medium=toot&utm_campaign=wrapup
Tech Wrap-Up 5-26-2022, which is National Paper Airplane Day. Beware #ChromeLoader #malware, #WordPress 6.0 released, CISA says patch 75 flaws, #screenshots in #Windows, File Explorer tricks, ditching #Chrome for #Firefox, all in today's wrap-up. https://www.techhelpkb.com/tech-wrap-up-5-26-2022/?utm_source=mastodon&utm_medium=toot&utm_campaign=wrapup
⚠️WARNING: #ChromeLoader #malware attacks are on the rise — a persistent and pervasive web browser hijacker that uses #PowerShell to inject malicious extensions and redirects traffic to malicious ads.
#Hacking #CyberSecurity #InfoSec #powershell #Malware #ChromeLoader